2장. 수동 DNSaaS 설치

참고

OpenStack 패키지를 받으려면 서버를 등록해야 합니다. 자세한 내용은 https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/8/html-single/director_installation_and_usage/#sect-Registering_your_System에서 참조하십시오.

1. 컨트롤러 노드에 DNSaaS 패키지를 설치합니다.

yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent

# yum install openstack-designate-api openstack-designate-central openstack-designate-sink openstack-designate-pool-manager openstack-designate-mdns openstack-designate-common python-designate python-designateclient openstack-designate-agent

Copy to Clipboard

Toggle word wrap

2. DNSaaS 및 Pool Manager 데이터베이스를 만듭니다. 환경에 맞게 IDENTIFIED BY 'ComplexAlphanumericPassword' 값을 업데이트합니다.

mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
FLUSH PRIVILEGES;
quit
EOF

# mysql -u root << EOF
CREATE DATABASE designate;
GRANT ALL ON designate.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
CREATE DATABASE designate_pool_manager;
GRANT ALL ON designate_pool_manager.* TO 'designate'@'%' IDENTIFIED BY 'ComplexAlphanumericPassword';
GRANT ALL ON designate_pool_manager.* TO 'designate'@'localhost' IDENTIFIED BY 'ComplexAlphanumericPassword';
FLUSH PRIVILEGES;
quit
EOF

Copy to Clipboard

Toggle word wrap

3. OpenStack Identity(keystone)에서 DNSaaS 서비스 계정과 엔드포인트를 만듭니다. 이 예에서는 DNSaaS 호스트 IP 주소 192.168.100.20 을 사용합니다. 환경에 맞게 이러한 단계를 업데이트해야 할 수도 있습니다.

openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
openstack role add --project service --user designate admin
openstack service create dns --name designate --description "Designate DNS Service"
openstack endpoint create --region RegionOne --publicurl http://192.168.100.20:9001 --internalurl http://192.168.100.20:9001 --adminurl http://192.168.100.20:9001 designate

$ openstack user create designate --password ComplexAlphanumericPassword --email designate@localhost
$ openstack role add --project service --user designate admin
$ openstack service create dns --name designate --description "Designate DNS Service"
$ openstack endpoint create --region RegionOne --publicurl http://192.168.100.20:9001 --internalurl http://192.168.100.20:9001 --adminurl http://192.168.100.20:9001 designate

Copy to Clipboard

Toggle word wrap

4. DNSaaS에 대한 방화벽 규칙을 추가합니다.

sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT

$ sudo iptables -I INPUT -p tcp -m multiport --dports 9001 -m comment --comment "designate incoming" -j ACCEPT
$ sudo iptables -I INPUT -p tcp -m multiport --dports 5354 -m comment --comment "Designate mdns incoming" -j ACCEPT

Copy to Clipboard

Toggle word wrap

로컬에서 DNS를 호스팅하는 경우 필요한 포트가 열려 있는지 확인합니다.

sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
sudo service iptables save; sudo service iptables restart

$ sudo iptables -I INPUT -p tcp -m multiport --dports 953 -m comment --comment "rndc incoming - bind only" -j ACCEPT
$ sudo service iptables save; sudo service iptables restart

Copy to Clipboard

Toggle word wrap

5. DNSaaS 데이터베이스 연결 구성: 아래 단계에서 DNSaaS 호스트 IP 주소를 올바르게 입력해야 합니다. complexAlphanumericPassword 를 해당 환경과 일치하는 값으로 교체합니다.

crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate
crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pool_manager
crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1

$ crudini --set /etc/designate/designate.conf storage:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate
$ crudini --set /etc/designate/designate.conf storage:sqlalchemy max_retries -1
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy connection mysql://designate:ComplexAlphanumericPassword@192.168.100.20/designate_pool_manager
$ crudini --set /etc/designate/designate.conf pool_manager_cache:sqlalchemy max_retries -1

Copy to Clipboard

Toggle word wrap

6. ID 서비스(keystone)에 대한 인증을 구성합니다. admin_password 옵션이 환경에 맞게 조정되었는지 확인합니다.

crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://192.168.100.20:5000/v2.0
crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://192.168.100.20:35357/
crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword

$ crudini --set /etc/designate/designate.conf keystone_authtoken auth_uri http://192.168.100.20:5000/v2.0
$ crudini --set /etc/designate/designate.conf keystone_authtoken identity_uri http://192.168.100.20:35357/
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_tenant_name service
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_user designate
$ crudini --set /etc/designate/designate.conf keystone_authtoken admin_password ComplexAlphanumericPassword

Copy to Clipboard

Toggle word wrap

7. RabbitMQ에 대한 DNSaaS 연결을 구성합니다.

rabbit_userid 및 rabbit_password 옵션이 환경에 맞는지 확인합니다.

crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts 192.168.100.20:5672
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host 192.168.100.20
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /

$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_hosts 192.168.100.20:5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_ha_queues False
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_host 192.168.100.20
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_port 5672
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_userid amqp_user
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_password ComplexAlphanumericPassword
$ crudini --set /etc/designate/designate.conf oslo_messaging_rabbit rabbit_virtual_host /

Copy to Clipboard

Toggle word wrap

8. 초기 DNSaaS 구성을 추가합니다.

crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
crudini --set /etc/designate/designate.conf service:api api_host 0.0.0.0
crudini --set /etc/designate/designate.conf service:api api_port 9001
crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"

$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver nova.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/designate/designate.conf DEFAULT notification_driver messaging
$ crudini --set /etc/designate/designate.conf DEFAULT notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf service:api api_host 0.0.0.0
$ crudini --set /etc/designate/designate.conf service:api api_port 9001
$ crudini --set /etc/designate/designate.conf service:api auth_strategy keystone
$ crudini --set /etc/designate/designate.conf service:api enable_api_v1 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v1 "diagnostics, quotas, reports, sync, touch"
$ crudini --set /etc/designate/designate.conf service:api enable_api_v2 True
$ crudini --set /etc/designate/designate.conf service:api enabled_extensions_v2 "quotas, reports"

Copy to Clipboard

Toggle word wrap

9. 풀 관리자를 구성합니다.

참고

현재는 백엔드가 선택되지 않았으므로 풀 대상을 아직 구성하지 않습니다. 이는 이 절차의 뒷부분에서 수행됩니다.

pool_id 가 하드 코딩되므로 아래 표시된 UUID 를 사용합니다.

pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
nameserver_id=$(uuidgen)
target_id=$(uuidgen)
crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host 192.168.100.20

# pool_id=794ccc2c-d751-44fe-b57f-8894c9f5c842
# nameserver_id=$(uuidgen)
# target_id=$(uuidgen)
$ crudini --set /etc/designate/designate.conf service:pool_manager pool_id $pool_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id nameservers $nameserver_id
$ crudini --set /etc/designate/designate.conf pool:$pool_id targets $target_id
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id port 53
$ crudini --set /etc/designate/designate.conf pool_nameserver:$nameserver_id host 192.168.100.20

Copy to Clipboard

Toggle word wrap

10. DNSaaS 싱크를 구성합니다.

참고

지금은 싱크에서 사용하는 도메인을 구성하지 않습니다(아직 존재하지 않음).

crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"

$ crudini --set /etc/designate/designate.conf service:sink enabled_notification_handlers "nova_fixed, neutron_floatingip"
$ crudini --set /etc/designate/designate.conf handler:nova_fixed notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:nova_fixed control_exchange nova
$ crudini --set /etc/designate/designate.conf handler:nova_fixed format "%(display_name)s.%(domain)s"
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip notification_topics notifications_designate
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip control_exchange neutron
$ crudini --set /etc/designate/designate.conf handler:neutron_floatingip format "%(octet0)s-%(octet1)s-%(octet2)s-%(octet3)s.%(domain)s"

Copy to Clipboard

Toggle word wrap

11. 알림을 보내도록 Compute 및 OpenStack Networking 구성

참고

Ceilometer의 에이전트도 알림을 수신 대기하고 사용합니다. 충돌하지 않도록 특정 Designate 알림 대기열(아래 참조)을 만듭니다.

Kilo 릴리스의 OpenStack Compute는 알림 드라이버로 메시징 으로 전환되었으며 이전에는 nova.openstack.common.notifier.rpc_notifier였습니다.

crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
sudo systemctl restart nova.service
sudo systemctl restart neutron.service

$ crudini --set /etc/nova/nova.conf DEFAULT notification_topics notifications,notifications_designate
$ crudini --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
$ crudini --set /etc/nova/nova.conf DEFAULT instance_usage_audit true
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_driver neutron.openstack.common.notifier.rpc_notifier
$ crudini --set /etc/neutron/neutron.conf DEFAULT notification_topics notifications,notifications_designate
$ sudo systemctl restart nova.service
$ sudo systemctl restart neutron.service

Copy to Clipboard

Toggle word wrap

12. nova.conf 에서 notification_driver 를 수동으로 확인합니다.

참고

nova.conf 에서 여러 notification_drivers 가능성이 있기 때문에 crudini 명령에서 문제가 발생할 수 있습니다. DEFAULT 섹션에서 확인하여 다음 두 항목이 있는지 확인합니다.

notification_driver=ceilometer.compute.nova_notifier
notification_driver=messaging

notification_driver=ceilometer.compute.nova_notifier
notification_driver=messaging

Copy to Clipboard

Toggle word wrap

참고

별도의 컴퓨팅 노드를 사용하는 경우 nova.conf 에서 다음 설정이 필요합니다.

notification_driver =nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver =messaging
notification_topics=notifications,notifications_designate

notification_driver =nova.openstack.common.notifier.rabbit_notifier,ceilometer.compute.nova_notifier
notification_driver =messaging
notification_topics=notifications,notifications_designate

Copy to Clipboard

Toggle word wrap

13. DNSaaS 및 풀 관리자 캐시를 동기화합니다.

designate-manage database sync
designate-manage pool-manager-cache sync

# designate-manage database sync
# designate-manage pool-manager-cache sync

Copy to Clipboard

Toggle word wrap

14. DNSaaS 서비스를 활성화하고 시작합니다.

systemctl enable designate-central
systemctl enable designate-api
systemctl enable designate-mdns
systemctl enable designate-pool-manager
systemctl start designate-central
systemctl start designate-api
systemctl start designate-mdns
systemctl start designate-pool-manager

# systemctl enable designate-central
# systemctl enable designate-api
# systemctl enable designate-mdns
# systemctl enable designate-pool-manager
# systemctl start designate-central
# systemctl start designate-api
# systemctl start designate-mdns
# systemctl start designate-pool-manager

Copy to Clipboard

Toggle word wrap

참고

이 시점에서 풀에 대한 DNS 대상을 생성하지 않았으므로 아직 DNSaaS 배포가 작동하지 않습니다.

2장. 수동 DNSaaS 설치

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat 소개

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links